diff --git a/share/man/man9/Makefile b/share/man/man9/Makefile
index 5488588e4f17..29b5d40446ae 100644
--- a/share/man/man9/Makefile
+++ b/share/man/man9/Makefile
@@ -41,6 +41,7 @@ MAN= accept_filter.9 \
 config_intrhook.9 \
 contigmalloc.9 \
 copy.9 \
+ cr_cansee.9 \
 critical_enter.9 \
 cr_seeothergids.9 \
 cr_seeotheruids.9 \
@@ -157,6 +158,7 @@ MAN= accept_filter.9 \
 panic.9 \
 pbuf.9 \
 p_candebug.9 \
+ p_cansee.9 \
 pci.9 \
 pfil.9 \
 pfind.9 \
diff --git a/share/man/man9/cr_cansee.9 b/share/man/man9/cr_cansee.9
new file mode 100644
index 000000000000..53823c16371a
--- /dev/null
+++ b/share/man/man9/cr_cansee.9
@@ -0,0 +1,92 @@
+.\"
+.\" Copyright (c) 2006 Ceri Davies
+.\"
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.Dd November 19, 2006
+.Os
+.Dt CR_CANSEE 9
+.Sh NAME
+.Nm cr_cansee
+.Nd "determine visibility of objects given their user credentials"
+.Sh SYNOPSIS
+.In sys/param.h
+.In sys/systm.h
+.In sys/ucred.h
+.Ft int
+.Fn cr_cansee "struct ucred *u1" "struct ucred *u2"
+.Sh DESCRIPTION
+This function determines the visibility of objects in the
+kernel based on the real user IDs and group IDs in the credentials
+.Fa u1
+and
+.Fa u2
+associated with them.
+.Pp
+The visibility of objects is influenced by the
+.Xr sysctl 8
+variables
+.Va security.bsd.see_other_gids
+and
+.Va security.bsd.see_other_uids ,
+as per the description in
+.Xr cr_seeothergids 9
+and
+.Xr cr_seeotheruids 9
+respectively.
+.Sh RETURN VALUES
+This function returns zero if the object with credential
+.Fa u1
+can
+.Dq see
+the object with credential
+.Fa u2 ,
+or
+.Er ESRCH
+otherwise.
+.Sh ERRORS
+.Bl -tag -width Er
+.It Bq Er ESRCH
+The object with credential
+.Fa u1
+cannot
+.Dq see
+the object with credential
+.Fa u2 .
+.It Bq Er ESRCH
+The object with credential
+.Fa u1
+has been jailed and the object with credential
+.Fa u2
+does not belong to the same jail as
+.Fa u1 .
+.It Bq Er ESRCH
+The MAC subsystem denied visibility.
+.El
+.Sh SEE ALSO
+.Xr cr_seeothergids 9 ,
+.Xr cr_seeotheruids 9 ,
+.Xr mac 9 ,
+.Xr p_cansee 9
diff --git a/share/man/man9/p_cansee.9 b/share/man/man9/p_cansee.9
new file mode 100644
index 000000000000..92ffeeaaa786
--- /dev/null
+++ b/share/man/man9/p_cansee.9
@@ -0,0 +1,93 @@
+.\"
+.\" Copyright (c) 2003 Joseph Koshy
+.\" Copyright (c) 2006 Ceri Davies
+.\"
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.Dd November 19, 2006
+.Os
+.Dt P_CANSEE 9
+.Sh NAME
+.Nm p_cansee
+.Nd determine visibility of a process
+.Sh SYNOPSIS
+.In sys/param.h
+.In sys/proc.h
+.Ft int
+.Fn p_cansee "struct thread *td" "struct proc *p"
+.Sh DESCRIPTION
+This function can be used to determine if a given process
+.Fa p
+is visible to the thread
+.Fa td ,
+where the notion of
+.Dq visibility
+may be read as
+.Dq "awareness of existence" .
+.Pp
+The function is implemented using
+.Xr cr_cansee 9 ,
+and the dependencies on
+.Xr sysctl 8
+variables documented in the
+.Xr cr_cansee 9
+manual page apply.
+.Sh RETURN VALUES
+The
+.Fn p_cansee
+function
+returns
+.Li 0
+if the process denoted by
+.Fa p
+is visible by thread
+.Fa td ,
+or a non-zero error return value otherwise.
+.Sh ERRORS
+.Bl -tag -width Er
+.It Bq Er ESRCH
+Process
+.Fa p
+is not visible to thread
+.Fa td
+as determined by
+.Xr cr_cansee 9 .
+.It Bq Er ESRCH
+Thread
+.Fa td
+has been jailed and process
+.Fa p
+does not belong to the same jail as
+.Fa td .
+.It Bq Er ESRCH
+The MAC subsystem denied visibility.
+.El
+.Sh SEE ALSO
+.Xr jail 2 ,
+.Xr sysctl 8 ,
+.Xr cr_cansee 9 ,
+.Xr mac 9 ,
+.Xr p_candebug 9 ,
+.Xr prison_check 9